In order to maintain the operation of a voice-over-Internet-Protocol (VOIP) network, a service provider typically employs teams of network technicians for entering service orders, managing network inventory, provisioning service, monitoring network performance, maintaining network operation, performing network upgrades and network services upgrades, and for performing like activities. Unfortunately, providing such well-intentioned users access to production VOIP network components may result in significant problems (e.g., loss of service, degraded network performance, and the like) due to a variety of factors. For example, a user with access (e.g., read/write) to VOIP network components may unknowingly reconfigure particular network component parameters, incorrectly modify complex software, accidentally modify network service functions, and the like, resulting in associated network problems.
In the current paradigm, service providers typically provide network technicians with logins and passwords associated with each of the individual network components, such as network elements (e.g., core routers, edge routers, and the like), service elements (e.g., network routing engines, user profile engines, and the like), and like network components. As such, each of the network technicians has direct, unsupervised access to at least a portion of the network components. Given the likelihood of unintentional human error, especially in light of the increasing complexity of telecommunications systems, such a paradigm of unsupervised access by network technicians to production networks exposes service providers to substantial risks.
Accordingly, a need exists in the art for a method and apparatus for controlling access to production network components and for validating actions performed by authenticated users on those network components.